A newly discovered evasive malware uses the Secure Shell (SSH) cryptographic protocol to penetrate targeted systems for the purpose of mining cryptocurrency and performing distributed denial-of-service (DDoS) attacks.
Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting companies ranging from gaming to luxury car brands to security firms.
“Botnets infect systems over SSH connections that use weak login credentials,” said Akamai researcher Larry W. Cashdollar. “Malware does not remain permanently on infected systems as a way to avoid detection.”
The malware gets its name from an executable named ‘kmsd.exe’ that is downloaded from a remote server after a successful compromise. It is also designed to support multiple architectures such as Winx86, Arm64, mips64 and x86_64.
KmsdBot can perform scanning operations and download a list of username/password pairs in order to propagate itself. It can also control the mining process and update the malware.
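A defensive check for the infection path described above, added here as an example and not taken from Akamai's report: it scans sshd authentication logs for a source address that guesses passwords across several accounts and then logs in successfully. The log lines, the function name and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (not from the Akamai report); IPs are documentation ranges.
SAMPLE_LOG = """\
Nov 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 10 03:14:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Nov 10 03:14:05 host sshd[2105]: Failed password for invalid user ubuntu from 203.0.113.7 port 40141 ssh2
Nov 10 03:14:08 host sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40155 ssh2
Nov 10 03:14:11 host sshd[2109]: Accepted password for test2 from 203.0.113.7 port 40160 ssh2
Nov 10 08:30:45 host sshd[3001]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Nov 10 08:30:52 host sshd[3001]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Nov 10 09:02:10 host sshd[3100]: Accepted publickey for deploy from 192.0.2.15 port 52211 ssh2
"""

# Matches OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=3, min_users=2):
    """Return successful password logins that follow a credential-guessing burst.

    The thresholds are illustrative assumptions; tune them to the environment.
    """
    failures = defaultdict(list)  # source IP -> usernames of failed password attempts
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if method != "password":
            continue  # key-based logins are not password guessing
        if outcome == "Failed":
            failures[src].append(user)
            continue
        # Accepted password: was it preceded by guessing from the same source?
        tried = failures.pop(src, [])
        if len(tried) >= min_failures and len(set(tried)) >= min_users:
            alerts.append({"src": src, "user": user, "failures": len(tried),
                           "users_tried": sorted(set(tried))})
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print(alert)
```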
According to Akamai, the malware's first confirmed target was FiveM, a multiplayer mod for Grand Theft Auto V that gives players access to custom role-playing servers.
The DDoS attacks observed by the web infrastructure company include Layer 4 and Layer 7 attacks, in which a flood of TCP, UDP, or HTTP GET requests is sent to overwhelm the target server’s resources and hamper its ability to process and respond.
“This botnet is a great example of the complexity of security and how much it has evolved,” said Cashdollar. “What appears to have started as a gaming app bot has gone on to attack large luxury brands.”
Vulnerable software is increasingly being used in crypto miner deployments, jumping from 12% in Q1 2022 to 17% in Q3 2022, according to Kaspersky telemetry data. Nearly half (48%) of the malicious mining software samples analyzed secretly mined Monero (XMR).
“Interestingly, the most targeted country in Q3 2022 is Ethiopia (2.38%), where cryptocurrency use and mining is illegal,” the Russian cybersecurity firm said. “Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place.”